Steps to Take After Receiving a Data Breach Notification Letter

Data breach notification letters are pieces of mail no one wants to receive. It can be frustrating to have your information exposed in a breach, but it's important to take the contents of the letter seriously.

This guide will walk you through the steps you should take when you receive a data breach notification letter. By following these steps, you can minimize your risk and limit any potential harm you may face.

Read the Contents of the Data Breach Notification Letter:
The data breach notification letter will explain what pieces of information have been exposed in the breach, which will inform you on the next steps you’ll need to take. The letter may also contain information regarding complementary services the organization is offering to breach victims, and contact information should victims have questions related to the incident.

Depending on what information has been compromised, you should consider taking the following next steps:

• Passwords: Reset your password as soon as possible. Be sure to make your password or passphrase long and unique. You do not want to reuse passwords under any circumstance. This is also a good time to enable dual factor authentication on your accounts when it is offered. By enabling dual factor authentication, it will be that much harder for malicious actors to access your account.
• Payment Card Information: Cancel any cards tied to a breach as soon as possible to prevent any fraudulent transactions. Rather than use a credit or debit card, consider using a virtual payment card to conduct online transactions.
• Contact Information: If phone numbers and email addresses are exposed in a breach, keep an eye out for suspicious messages. Cybercriminals can leverage these data points to conduct phishing and smishing attacks and various other cyberattacks that use phone numbers and email.
• Social Security Numbers: Monitor your accounts for suspicious activity, and place a credit freeze and fraud alert on your accounts with the three major credit reporting agencies: Equifax, Experian and TransUnion, which can be done in the BlackCloak application.
• Contact the Affected Organization: If you have questions related to the breach, contact the affected organization. Many of them set up phone numbers dedicated to answering questions about the breach, and it could help better inform the decisions you end up making in the months and years ahead.

It's important to remember that credit freezes and fraud alerts normally last one year. It's also incredibly important to know that cybercriminals are aware of this as well. Cybercriminals may sit on your sensitive information for years before selling it or using it to conduct identity theft. Thus, it's important to remain vigilant after the one year period. Make reviewing your accounts part of your normal cyber hygiene routine.